Here we are going to see a very Simple example of Using FormBased Authentication of demo. But in this case we won’t use the WebLogic’s default Authenticator provider, Rather we will create a separate SQL Authenticator provider inside the Security Realm and the we will insert some Users information in the Database so that we can validate the Database users using our FormBased Authentication technique.

Step1). Create the following Tables “USERS”, “GROUPS” and “GROUPMEMBERS” with exactly same Data Definition as mentioned below:

insert into USERS values('weblogic','weblogic','This is an Admin User with username weblogic, password weblogic');
insert into GROUPS values('Adminsitrators','This is an Administrators Group');
insert into GROUPMEMBERS values('Adminsitrators','weblogic');

Step3). Create a DataSource baed on whetever dataSource you want to chose. I created a Simple DataSource like following “$DOMAIN_HOME/config/jdbc/SQLAuthDS-8981-jdbc.xml”:

Now Click On your ProviderName “MySQLAuthenticatorProvider” and go to “Provider Specific” (Tab) and then select the following values:
Plaintext Passwords Enabled (Check this Check Box)
Data Source Name: SQLAuthDS
Group Membership Searching: unlimited

Rest of the things will be as it is Default.

SQL_Auth_Provider_Second

Step5). Now Go to Security Realm and the do the following:
Home——————)Summary of Security Realms ——————)myrealm ——————)Providers ——————) DefaultAuthenticator (click) Now Change it’s “Control Flag” to “OPTIONAL”
Save above Changes.

Step6). Now again Go to Security Realm and the do the following:
Home——————)Summary of Security Realms——————)myrealm ——————)Providers——————) MySQLAuthenticatorProvider (click) Now Change it’s “Control Flag” to “REQUIRED”
Save above Changes.

Step7). Now restart your Server so that the Changes will take effect (Make Sure that the Database is running).

insert into USERS values('testuser','testpassword','This is an testuser User with username testuser, password testpassword');
insert into GROUPS values('testgroup','This is an test Group');
insert into GROUPMEMBERS values('testgroup','testuser');

4 Comments for this entry

Thanks again for this wonderful explanatory article. It helped me understand lot of things. My question was little bit different.

If using JAAS I have to do authentication and authorization how I will I do? If I have my own LoginModule where I connect to the DB and authenticate my user. In that I will also want to maintain a cache of authenticated users. The user login page is the one whose action “j_security_check” (as in this example of yours). Where to place the jaas.config file in WLS? If I have to implement basic JAAS how would I do it?

ServletAuthentication.weak() saves the username in HttpSession under the key “weblogic.authuser”. As soon as clients HTTP requests reaches to the WebLogic Server, The Weblogic uses this key to recover username from HttpSession. That’s why For Http Based Clients you should use ServletAuthentication.weak(). You should not use any alternative authentication class/method in JAAS or Weblogic API such as LoginContext.login() and weblogic.security.services.Authentication.login(). Those alternative classes/methods will, of course, properly validate password. But it works only for the current http request. Because they do not save the username under the special key “weblogic.authuser”, Weblogic would not be able to recover the username for subsequent requests.

So JAAS is not recommended in your case as you are using FormBased Authentication whcih is Http Based nopt RMI/T3 based.

Hi Team ,
I have a query regarding the user ” oraclesystemuser” Please let me know what is the purpose of this user .
I have noticed the “oraclesystemuser” is created by default when we install SOA Suite and setup the domains . Its part of the group ” oraclesysetmgroup” . I would like to know the use of the this user . I am planning to change the password of the uset “oraclesystemuser” and would like to know what are the impacts related with this to the domains and what are the areas where we need to change the password . The current SOA Suite version is 11.1.1.3.0 and OS being used is redHat Enterprise Linux .Do let me know if you need anything else ?

1. I am using weblogic 11g SQL authenticator to authenticate the users in my application and it s working fine.
Here we are using FORM based authentication and SQL authenticator.

2. But as the enhancements occurs and I want to authenticate the user on certain condition instead of default
condition provided by weblogic.For e.g: I want to authenticate the user on the basis of his username, password
and Status.

3.User will enter only username and password in the login page.But while authentication, even username and password
are match and the status column value is “N”, the page should redirect to error page.
When username and password are match and the status column value is “Y”, then only page should redirect to home page.

4.To make the above things happend, we have to add the ‘status’ column to ‘USERS’ table.But where i am facing the
problem is, where do we change the queries to include the status column apart from username and password while authenticating.